-----Original Message----- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, August 29, 2014 1:44 AM To: Tomcat Users List Subject: EXTERNAL: Re: Spnego authentication with Tomcat 7.0.55 on Linux 6.5 returns null from request.getremoteUser
On 29/08/2014 03:51, Seshadri, Usha wrote: > Hi, > I am trying to configure spnego out of the box on tomcat 7.0.55 on Linux 6.5, > with directions given at > http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html. And I am > trying to test the configuration with a sample hello_spnego.jsp file given > below. When I load http://localhost:8080/hello_spnego.jsp, the output is > "Hello null !" The getremoteUser() seems to be returning null. > My setup: > The KDC, client (machine running firefox) and tomcat server are all on the > same domain. The client (Firefox) is on the same machine as the tomcat > instance, linux 6.5. > Here is my configuration: > So, it is out of the box tomcat 7.0.55 install, I added these files to > $CATALINA_BASE/conf: > jaas.conf > krb5.ini > appserver.keytab (copied from KDC) > I am confident the jaas.conf, krb5.ini and the appserver.keytab > configurations are correct since I have successfully tested them with the > spnego library from sourceforge ( > http://spnego.sourceforge.net/spnego_tomcat.html ). > hello_spnego.jsp: > <html> > <head> > <title>Hello SPNEGO Example</title> > </head> > <body> > Hello <%= request.getRemoteUser() %> ! > </body> > </html> > I copied hello_spnego.jsp to webapps/ROOT, and edited > webapps/ROOT/WEB_INF/web.xml as follows: > < login-config> > <auth-method>SPNEGO</auth-method> > <realm-name>Tomcat Spnego example</realm-name> < /login-config> > <servlet> <servlet-name>Test</servlet-name> > <jsp-file>/hello_spnego.jsp</jsp-file> > </servlet> > <servlet-mapping> > <servlet-name>Test</servlet-name> > <url-pattern>*.jsp</url-pattern> > </servlet-mapping> > Am I missing anything in my configuration of web.xml? >You don't have any security constraints to trigger authentication. >Mark Mark, Thank you for getting back to me with this information. I added a security constraint to my web.xml, but did not specify an auth-constraint since I want all users to have access to it. I am still getting the null return from getremoteUser(). (Please note there are no roles/users specified in tomcat-users.xml). Web.xml: <security-constraint> <web-resource-collection> <web-resource-name>All Access</web-resource-name> <url-pattern>*.jsp<url-pattern> <http-method>DELETE</http-method> <http-method>PUT</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> </security-constraint> Is there something that needs to go in the security constraint? Thanks, Usha --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org